Home > Articles > Security > Network Security

📄 Contents

  1. Types of .NET Security
  2. Using Imperative Security
  3. Using Declarative Security
  4. Advantages and Disadvantages of the Two Security Implementations
  • Print
  • + Share This
Like this article? We recommend

Advantages and Disadvantages of the Two Security Implementations

At some point, you have to make a decision about the form of security that best suits your application. In many cases, you'll use both forms in the same application, because each has specific advantages. Here's a list of advantages for imperative security:

  • It doesn't appear in the application manifest, so it's harder for a cracker to discover the security measures you put in place.

  • You can't create dynamic security conditions using declarative security—imperative security is more flexible in this area.

  • Imperative security can be easier to use, because it relies on statements that are easy to debug.

Declarative security is also essential. In some cases, you can't perform a given security task without using declarative security. Here's a list of the primary declarative security advantages:

  • This form of security appears in the manifest, which is a requirement for using utilities such as the Permission View Tool that comes with Visual Studio .NET. The Permission View Tool can help you perform a security audit of your application.

  • This is the only method you can use to declare assembly level security, such as the requirement to validate code before using it.

  • Because declarative security always appears at the beginning of the application element, it's easier to find the security settings. That makes it a better option from a documentation perspective.

As you can see, declarative and imperative forms of security both have a place in your .NET security toolkit. There are times when just one choice is correct, but, plenty of times, it'll be a matter of your personal choice.

  • + Share This
  • 🔖 Save To Your Account